MuddyWater’s Macro Mischief: Iranian Hackers Revive Old Tricks in Middle East Cyber Assault
MuddyWater is back, proving old tricks still have a pulse. The state-sponsored Iranian hacker group has revived macro-based attacks, sending government entities on a wild malware chase with version 4 of its Phoenix backdoor. Watch out, Middle East: MuddyWater’s phishing campaign is a throwback you didn’t ask for but definitely got served.

Hot Take:
In the latest edition of “Hackers Behaving Badly,” MuddyWater, the Iranian hacker group with a penchant for aliases, is back and causing chaos with its updated Phoenix backdoor. Apparently, the group felt nostalgic for the golden days of macro-based attacks and decided to give them a 2023 makeover. One thing’s for sure: these hackers have more names than a pop star, and their attack strategies are about as welcome as a surprise visit from your in-laws. With their phishing campaign on the loose, it’s clear that MuddyWater is more interested in government secrets than a cat is in a laser pointer.
Key Points:
– MuddyWater, also known as Static Kitten, Mercury, and Seedworm, targeted over 100 government entities using the Phoenix backdoor.
– The attack began on August 19, using phishing emails from a compromised account accessed via NordVPN.
– The campaign predominantly focused on embassies and foreign affairs ministries in the Middle East and North Africa.
– The threat actor used macro-laden Word documents to deploy the FakeUpdate malware loader.
– The Phoenix backdoor v4 includes new COM-based persistence and infostealer tools targeting popular web browsers.
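The macro-laden Word documents in the key points above are the initial foothold, so the first defensive check worth having is a quick triage of whether an incoming Office file even carries a VBA project. The script below is an added example, not code from the original post or from any vendor report on this campaign. It inspects the Office Open XML zip container for the `word/vbaProject.bin` part and for the macro-enabled content type in `[Content_Types].xml`, so the verdict does not depend on the file extension; the sample files it builds are constructed in memory and are not real Word documents.

```python
import io
import zipfile

# Content type Word assigns to the main part of a macro-enabled document (.docm).
MACRO_ENABLED_DOCM = "application/vnd.ms-word.document.macroEnabled.main+xml"
# Content type of the main part of a plain, macro-free document (.docx).
PLAIN_DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
# Part name under which Word stores the compiled VBA project inside the zip.
VBA_PART = "word/vbaProject.bin"


def inspect_office_file(data: bytes) -> dict:
    """Return indicators of an embedded VBA project in an OOXML (docx/docm) file.

    Two container-level signals are checked, neither of which a renamed
    extension can hide:
      - a vbaProject.bin part present in the zip
      - [Content_Types].xml declaring the macro-enabled main document part
    """
    result = {"is_zip": False, "has_vba_part": False, "declares_macro_enabled": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Legacy .doc (OLE2) files are not zips; they need a different parser.
        return result
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        result["has_vba_part"] = VBA_PART in names
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
            result["declares_macro_enabled"] = MACRO_ENABLED_DOCM in content_types
    return result


def has_macros(data: bytes) -> bool:
    """True if either indicator fires; either alone is enough to quarantine for review."""
    r = inspect_office_file(data)
    return r["has_vba_part"] or r["declares_macro_enabled"]


def build_sample(with_macros: bool) -> bytes:
    """Constructed minimal OOXML container for demonstration only (not a real Word file)."""
    main_ct = MACRO_ENABLED_DOCM if with_macros else PLAIN_DOCX
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Constructed placeholder bytes; a real vbaProject.bin is an OLE2 stream.
            zf.writestr(VBA_PART, b"\x00constructed placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro-enabled", build_sample(True)), ("plain", build_sample(False))):
        print(label, inspect_office_file(sample), "-> has_macros:", has_macros(sample))
```

In a mail gateway or SOC triage pipeline this check belongs before any content inspection: a file that declares itself `.docx` yet carries `vbaProject.bin` is already worth a closer look, and the same zip inspection extends to `.xlsm`/`.pptm` by swapping the part name and content type.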
